Privacy policy

We collect what we need to bake for you and nothing more: your name, email, phone, order history, and custom cake inquiry details. We use Stripe to process payments, Supabase to store data, Resend to email you, and Cloudinary to host any reference photos you upload. We don’t sell your info — full stop.

Bakesters is a sole proprietorship owned and operated by Jennifer Ramsey out of a home kitchen in Delaware, Ohio. Privacy questions can be sent through our contact form.

When you sign in — email address. We use a magic-link system, so we never see or store a password.

When you place an order — name, email, phone number, pickup date and notes, the items you ordered, totals, and a reference to the payment held by Stripe.

When you submit a custom inquiry — event type and date, serving count, flavor and design preferences, dietary notes, contact info, and any reference photos you choose to upload.

Automatically — a small amount of technical data like your IP address and browser user-agent, used only to keep the site running and catch abuse.

To take and fulfill your order, send order confirmations and pickup reminders, reply to your custom inquiry with a quote, and improve the site. Nothing else.

We do not sell or rent your information to anyone.

We only share your data with the services we use to operate the bakery. Each provider has their own privacy policy; we link out to each.

• Stripetheir privacy policy ↗
  Payment processing. They see your card details; we never do.
• Supabasetheir privacy policy ↗
  Hosts our database and authentication.
• Resendtheir privacy policy ↗
  Sends the email you receive from us (order confirmations, magic-link sign-ins, inquiry replies).
• Cloudinarytheir privacy policy ↗
  Hosts any reference images you upload with a custom inquiry.
• Verceltheir privacy policy ↗
  Hosts the website itself.

We use a small set of cookies and browser storage for essential functions only:

• Authentication cookies set by Supabase so you stay signed in across pages.
• A local bakesters.cart.v1entry in your browser’s localStorage that remembers what’s in your cart.
• Session cookies set by Stripe during checkout to prevent fraud.

We don’t run ad networks, don’t track you across other sites, and don’t use analytics beyond Vercel’s basic traffic counts.

Use our contact form at any time to:

• See what data we have about you
• Correct anything inaccurate
• Delete your account and order history (subject to the record-keeping requirements of Ohio Cottage Food Law)
• Opt out of non-transactional email (order confirmations and pickup reminders can’t be opted out of because they’re part of fulfilling your order)

California residents: you have the rights granted by the CCPA, including the right to know and the right to delete. We’ll honor these requests the same way.

The site isn’t directed at anyone under 13. We don’t knowingly collect information from children. If you believe a child has submitted information, email us and we’ll delete it.

All traffic to the site is served over HTTPS. Payment card data never touches our servers — it goes straight to Stripe over a secure channel. Your Supabase password would be a magic-link token that expires in an hour. That said, no system is ever 100% secure; if you notice anything strange, tell us.

Orders and inquiries are kept while your account exists and for up to 3 years after for tax and cottage-food record-keeping. Uploaded inquiry images are kept on Cloudinary for as long as the inquiry is open and deleted on request.

We may update this policy as the business grows. The “Last updated” date above reflects the most recent revision. Continuing to use the site after an update means you accept the new policy.

Privacy questions, data requests, or anything else — send a note through our contact form.